Sourced from tzinfo's releases.
v1.2.10
- Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when used with RubyDataSource. Please refer to https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.
- Ignore the SECURITY file from Arch Linux's tzdata package. https://github.com/facebook/rocksdb/issues/134.
Sourced from tzinfo's changelog.
Version 1.2.10 - 19-Jul-2022
- Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when used with RubyDataSource. Please refer to https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.
- Ignore the SECURITY file from Arch Linux's tzdata package. https://github.com/facebook/rocksdb/issues/134.
- 0814dcd Fix the release date.
- fd05e2a Preparing v1.2.10.
- b98c32e Merge branch 'fix-directory-traversal-1.2' into 1.2
- ac3ee68 Remove unnecessary escaping of + within regex character classes.
- 9d49bf9 Fix relative path loading tests.
- 394c381 Remove private_constant for consistency and compatibility.
- 5e9f990 Exclude Arch Linux's SECURITY file from the time zone index.
- 17fc9e1 Workaround for 'Permission denied - NUL' errors with JRuby on Windows.
- 6bd7a51 Update copyright years.
- 9905ca9 Fix directory traversal in Timezone.get when using Ruby data source